Google Chrome Gets Automatic Single Sign-on, Brings Security Risks
The company works so hard on making sure its browser and apps play nice together
Chrome is fast becoming the preferred gateway to all Google products in the cloud. Offline access to Gmail returned (Chrome only) — and now, further streamlining your access to the cloud, Chrome has added an auto-login option to its experimental about:flags page.
Google Chrome Gets Automatic Single Sign-on
With “pre- and auto-login” enabled, Chrome stores authentication details for the Google account you’ve set up in your sync options as a cookie. That cookie enables single sign-on at any Google Account-enabled web page (like Gmail, Google Docs, Google Reader, Picasa, etc.). No more re-entering your password on Gmail after you’ve logged in on Google Reader: just load the page and watch it auto-refresh.
There’s also mention of a Chrome infobar (like those that appear to translate or block scripts) being displayed when a compatible page is detected, hinting that Chrome’s auto-login might be available to third-party sites across the web, similar to what Mozilla has been working on with BrowserID.
Right now, auto-login is hidden behind a flag. That’s a good thing, because there’s a security issue that needs to be sorted out before it’s made a default.
Chrome's Security Toolkit
Chrome OS offers this functionality as part of its security toolkit, and it would make sense for Google to introduce something similar in the Chrome browser for other platforms — or at least to ship a master password option already.